TorGuard is a venerable name in the VPN industry, boasting a decade of reliable service since its inception. Despite its longevity, it often remains overshadowed by industry giants such as ExpressVPN, NordVPN, and Surfshark. This review explores the reasons behind its relative low profile.
Features
- Rating: 3/5
- Price Range: $3.89 – $14.99 per month
- Refund Period: 7 days
- Headquarters: Panama
- Devices per License: 8, 12, or 30
- Server Count: 3,000
- Server Locations: 68 locations across 50 countries, including the USA, UK, Germany, Canada, Australia, and Hong Kong
- Streaming Sites Unblocked: Netflix, NBC, Channel 4
- Torrenting Support: Yes
- Logging Policy: No logs retained
- Customer Support: Available 24/7
- Website: TorGuard
Established in 2012, TorGuard has built a reputation for consistent performance over the years. Initially headquartered in St. Kitts and Nevis, the company is now based in Orlando, Florida, under the ownership of VPNetworks LLC.
Although TorGuard is a significant player in the VPN space, it does not command the same level of attention as major competitors like IPVanish, which also operates from Orlando. TorGuard’s offerings extend beyond consumer VPN services to include email protection systems, business VPN solutions, and VPN routers.
Understanding VPNs
Before delving into TorGuard’s service specifics, it’s essential to understand the fundamentals of a VPN and its operational mechanics.
A Virtual Private Network (VPN) was initially designed to enable remote workers to securely access corporate networks with the same privacy as if they were physically present in the office.
Privacy differs from security in that while data transmission across networks and the internet involves segments called packets, only the data payload is encrypted. The packet header, containing source and destination IP addresses, remains unencrypted, potentially exposing it to interception by entities such as Internet Service Providers (ISPs). Privacy is maintained by encrypting the entire packet, including the header.
VPNs create a secure private network over the public internet by employing encryption to protect all data packets within a session, known as a “tunnel.” A VPN client on the user’s device connects to a VPN server, and the two entities negotiate an encryption cipher applied to all packets for the session. Upon session termination, the encryption details are discarded.
The VPN client encapsulates each packet in an unencrypted carrier packet addressed to the VPN server. Although the ultimate destination of the packet may be a website like Yahoo, Netflix, or a news site, all traffic is tunneled through the VPN connection to the VPN server.
The VPN server decrypts the packet and forwards it to its final destination. Responses from the destination server are received by the VPN server, encrypted, and then sent back to the VPN client. The client decrypts and delivers the data to the requesting application.
The VPN tunnel ensures that the user’s internet activities remain private up to the VPN server, which further anonymizes the traffic by replacing the user’s IP address with one of its own. This anonymity is crucial for accessing geo-restricted content and services, which will be discussed further.
Privacy and Security
TorGuard distinguishes itself in the VPN market by offering an extensive array of privacy and security options. Unlike many competitors that limit their offerings to two or three VPN protocols, TorGuard supports six distinct protocols. This extensive selection underscores the service’s commitment to providing users with a broad spectrum of choices tailored to their specific needs.
TorGuard’s Location
One of the primary concerns regarding TorGuard’s privacy and security stems from its operational base in the United States. Although proximity to a major market might seem advantageous, it poses significant risks in the context of VPN services.
The U.S. legal system’s expansive reach and its mechanisms for surveillance can present vulnerabilities for VPN providers. Authorities, including copyright lawyers, possess the power to issue court orders compelling VPN services to disclose user information or to cooperate with investigations. This can extend beyond mere record disclosure to potentially tracking individual users’ activities, sometimes without the user’s knowledge.
While TorGuard does permit file sharing on its network, users should exercise caution. The potential for legal and surveillance scrutiny underscores the importance of understanding the risks associated with using VPN services in jurisdictions with robust surveillance capabilities.
VPN Logs
The issue of traceability is crucial when selecting a VPN provider. Many VPN services emphasize their no-logs policies to assure users of their privacy. VPNs operate by mapping a user’s real IP address to a temporary one, and retaining such mappings can enable tracing of online activities back to the user through ISP records.
In many jurisdictions, ISPs are mandated to retain activity logs for extended periods. If a VPN maintains logs, authorities can potentially trace activities through these records. TorGuard, however, adheres to a strict no-logs policy, ensuring that user activities remain confidential and protected from such legal scrutiny.
Gift Card Payments
A notable aspect of maintaining anonymity with VPN services is the payment method used. Traditional methods, such as credit cards or PayPal, can link a user directly to their VPN service. In response to this concern, TorGuard provides alternative payment options via gift cards, which enhance user anonymity.
Customers in the U.S. can use store gift cards from various retailers, facilitating a more anonymous transaction process. Additionally, purchasing TorGuard Gift Cards, which appear on credit card statements as gifts, provides another layer of anonymity. This method allows users to separate their VPN subscriptions from their primary email addresses, further enhancing privacy.
TorGuard VPN Protocols
VPN protocols are fundamental to the operation of VPN services, defining the rules and standards for secure communication. TorGuard supports a variety of protocols, including:
- OpenVPN: A widely-used, open-source protocol incorporating Transport Layer Security (TLS). Available across all TorGuard applications.
- WireGuard: A newer protocol gaining popularity for its speed and efficiency. Supported on Windows, macOS, Linux, iOS, and Android.
- IKEv2/IPSec: Developed by Cisco, this protocol is favored for mobile devices due to its lower power consumption. Available for iOS devices.
- L2TP: An older protocol, offered for manual setup on multiple platforms including Windows, Android, macOS, iOS, Chromebook, and routers.
- Stunnel: Utilizes TLS for the entire connection, available as a double VPN service on OpenVPN connections.
- AnyConnect: A Cisco protocol similar to Stunnel but uses a proprietary version of TLS called DTLS. It is available on the server setting rather than within the VPN app.
- OpenConnect: An improved version of AnyConnect, compatible with various VPN server equipment. Built into TorGuard’s desktop apps for Windows, macOS, and Linux.
TorGuard also provides a SOCKS5 Proxy, which, while offering anonymity by altering IP addresses, does not employ encryption and therefore does not qualify as a fully anonymous VPN solution.
In summary, TorGuard’s diverse protocol support and commitment to a no-logs policy, combined with its innovative payment options, position it as a robust choice for users seeking privacy and security in their VPN services.
TorGuard Encryption
TorGuard employs Transport Layer Security (TLS) to establish secure sessions. TLS ensures server authentication and protects the exchange of VPN encryption keys through a public key encryption system. In this method, encryption and decryption keys are complementary yet distinct, meaning the encryption key cannot be used for decryption, and the decryption key cannot be deduced from the encryption key. This characteristic allows the encryption key to be publicly shared without compromising security. TLS incorporates this mechanism to guard against man-in-the-middle attacks.
In a man-in-the-middle attack, an attacker intercepts communication between the client and server, posing as both parties. This allows the attacker to present their own public key to the client and decrypt all transmitted messages.
Under TLS, the client retrieves the encryption key from an SSL certificate held by a third-party authority. The client encrypts a challenge message using this key and sends it to the server. An interceptor, lacking the corresponding decryption key, cannot continue the deception. Upon receiving a correct response, the client can verify that it is communicating with the legitimate server. TorGuard utilizes the Diffie-Hellman key exchange, ensuring that the client also has a public key for the server to encrypt responses.
While TorGuard does not explicitly detail its public key cipher, its DNS-over-TLS service indicates the use of a 4096-bit RSA key on its SSL certificate. This is optimal, as longer keys significantly enhance security by increasing the difficulty of decryption attempts. A 4096-bit RSA key would require an impractically long time to crack.
All VPN protocols utilize symmetric ciphers for encapsulation. The Advanced Encryption Standard (AES) is employed, which uses the same key for both encryption and decryption. The key must be securely transmitted between parties, a process safeguarded by RSA-4098 encryption.
WireGuard employs ChaCha20 alongside AES-128. AES-128 uses a 128-bit key, which, while secure, is less robust than AES-256, which offers a 256-bit key and is highly secure. The OpenVPN implementation in TorGuard apps allows users to select between AES-128 and AES-256, with the latter providing superior security.
DNS Protection
The Domain Name System (DNS) translates web addresses into IP addresses. When a URL is entered into a browser, it queries a DNS server to obtain the IP address of the corresponding web server. This query is typically handled by the user’s ISP, which can log DNS requests and potentially block access to certain sites by redirecting URLs to false IP addresses. TorGuard addresses this issue by providing its own DNS service, effectively bypassing any external DNS systems and mitigating ISP control and logging.
IP Leak Protection
An IP leak occurs when a packet containing the real destination address bypasses encryption, exposing the user’s IP address. This can happen if the VPN connection drops unexpectedly. TorGuard prevents this issue by incorporating a kill switch in its apps, which disables internet access if the VPN connection is lost. This immediate disruption alerts users to the VPN disconnection. Additionally, TorGuard offers a unique feature called App Kill, which terminates specific applications if the VPN connection drops.
Simultaneous Connections
TorGuard offers three subscription tiers, each with different simultaneous connection allowances:
- Anonymous VPN: 8 devices
- Anonymous VPN Pro: 12 devices
- Anonymous VPN Premium: 30 devices
These allowances are generous compared to some VPN services, which limit simultaneous connections to four or six devices. Although some services offer unlimited connections, TorGuard’s high allowances are ample for most users. For home use, installing the VPN on a router counts as only one simultaneous connection while protecting all connected devices, leaving additional allowances for mobile devices.
Port Forwarding
Network Address Translation (NAT), used by VPN services, functions as a firewall, preventing external connections from reaching devices behind the server. While NAT enhances security, it can hinder applications requiring incoming connections, such as game servers or torrent clients. TorGuard offers port forwarding, allowing specific incoming requests through designated ports to reach a particular port on the user’s device. This configuration is managed through the TorGuard website, not within the VPN app.
A Note on Ports
In this context, a port is a logical address for applications and protocols, not a physical connector. Protocols are assigned specific port numbers, and applications on a computer continuously monitor incoming packets for these numbers. This process is analogous to an apartment number within a building; the port number directs incoming data to the correct application.
TorGuard Servers
TorGuard operates over 3,000 servers in 50 countries. For users in the USA, selecting a server location within a different city can help bypass regional sports blackouts imposed by streaming services. This allows access to content restricted by location-based filters.
TorGuard operates servers in eleven U.S. cities:
- Atlanta
- Chicago
- Dallas
- Las Vegas
- Los Angeles
- Miami
- New Jersey
- New York
- Salt Lake City
- San Francisco
- Seattle
Website Blocking
Websites often verify the origin of a request before delivering content. This verification is feasible because IP addresses worldwide are regulated by a central authority, which allocates these addresses in blocks to local organizations within each country.
This technique enables news sites to tailor the articles they display, and allows e-commerce platforms to determine local currencies and sales taxes. The entertainment sector, in particular, employs location-based access controls. Streaming services frequently restrict access based on geographic location.
Streaming platforms not only check the source of a request but also detect and block VPN usage. Thus, a highly effective VPN is essential to bypass these restrictions. Our testing of TorGuard revealed the following results:
Service Testing Results
- Netflix: Accessible in the USA, France, and the UK
- Disney+: Access blocked in the USA, France, and the UK
- BBC iPlayer: Blocked
- ITV Hub: Blocked
- Channel 4: Accessible
- ABC: Blocked
- NBC: Accessible
The results are noteworthy as Netflix is often regarded as one of the most challenging platforms to access across borders. While TorGuard successfully accessed Netflix, it encountered issues with Disney+ and BBC iPlayer, which detected the VPN and blocked access.
Pricing
TorGuard offers three subscription plans:
- Anonymous VPN: Allows up to eight simultaneous connections.
- Anonymous VPN Pro: Allows up to twelve simultaneous connections and includes a dedicated IP address.
- Anonymous VPN Premium: Allows up to thirty simultaneous connections, includes a dedicated IP address, and provides a free Gli Shadow router with the annual plan.
Each plan is available in several payment periods:
- Monthly (one month)
- Quarterly (three months)
- Semi-Annually (six months)
- Annually (one year)
- Biennially (two years)
- Triennially (three years)
Longer subscription periods offer lower monthly rates, but payment for the entire duration is required upfront. Subscriptions are billed in U.S. dollars regardless of the subscriber’s location.
Here’s a summary of the VPN packages, pricing, and performance for TorGuard:
VPN Packages and Pricing
Anonymous VPN:
- Monthly: $9.99
- Quarterly: $19.99 ($6.66 per month)
- Semi-Annually: $29.99 ($5.00 per month)
- Annually: $59.99 ($5.00 per month)
- Biennially: $99.99 ($4.17 per month)
- Triennially: $139.99 ($3.89 per month)
Anonymous VPN Pro:
- Monthly: $12.99
- Quarterly: $34.99 ($11.66 per month)
- Semi-Annually: $69.99 ($11.67 per month)
- Annually: $119.99 ($10.00 per month)
- Biennially: $179.98 ($7.50 per month)
- Triennially: $249.99 ($6.94 per month)
Anonymous VPN Premium:
- Monthly: $14.99
- Quarterly: $40.99 ($13.66 per month)
- Semi-Annually: $70.99 ($11.83 per month)
- Annually: $129.99 ($10.83 per month) – includes a free router
- Biennially: $180.00 ($7.50 per month)
Additional Costs:
- Dedicated IP Address for Streaming: $7.99 per month extra
- Residential Streaming IP Address: $13.99 per month extra
- VPN Server (USA, UK, Netherlands, Canada): $14.99 per month extra
Payment Methods:
- Credit Cards (Mastercard, Visa, American Express, Discover)
- PayPal
- Cryptocurrency (Bitcoin, Litecoin)
- Paywall
- Amazon Pay
- Gift Cards
Refund Policy:
- 7-day money-back guarantee, but no refund for the dedicated IP address portion of the subscription.
Sales Tax:
- TorGuard does not add VAT to the bill.
Speed Test Results
Baseline Speed (Without VPN):
- Download Speed: 10.40 Mbps
- Upload Speed: 7.17 Mbps
With Nearby TorGuard Server:
- Download Speed: 4.19 Mbps
- Upload Speed: 7.53 Mbps
With Remote TorGuard Server (Sydney, Australia):
- Download Speed: 3.08 Mbps
- Upload Speed: 7.22 Mbps
International Speed Tests:
- TorGuard Server in New York to Sydney:
- Download Speed: 3.82 Mbps
- Upload Speed: 2.86 Mbps
- TorGuard Server in Hong Kong to Sydney:
- Download Speed: 3.12 Mbps
- Upload Speed: 1.35 Mbps
The VPN does have a noticeable impact on speed, especially for international connections, with the biggest slowdown occurring for download.
Installation Instructions
Select a Plan: Choose a TorGuard Anonymous VPN plan, select a payment period, and any desired add-ons.
Complete the Order Form: Provide your name and a valid email address in the order form. The email address must be accessible, as your login credentials will be sent there.
Payment and Agreement: Select your preferred payment method and accept the Terms and Conditions. Proceed by clicking “Checkout” to finalize the purchase.
Order Confirmation: After completing the purchase, you will be directed to an order confirmation page and automatically logged into your account on the TorGuard website.
Download the App: On the order confirmation page, you will find links to download the app. For Android, the link will direct you to the Google Play Store, while for iOS, it will lead to the Apple App Store. For desktop systems, click the relevant icon to download the installer and follow the prompts to install the application.
Setup and Login: Open the app and enter your email address as the username, along with the password you created during checkout. To view available servers, click on the location tab at the bottom of the app.
Configure Settings: Before activating the Best VPN, review the app’s settings, including features like the kill switch. Access the settings by clicking the cogwheel icon in the top right corner of the app.
Select VPN Protocol: To view VPN protocol settings, click the hamburger menu icon in the top left corner. The available protocols depend on your operating system; for instance, the Windows app supports WireGuard, OpenConnect, and OpenVPN.